Lucene search
HistoryJul 20, 2022 - 2:15 a.m.
CVE-2022-32962
hicos
client-side
citizen certificate
vulnerability
double free
memory corruption
arbitrary code
system data
service termination
CVSS3
6.8
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
23.3%
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
Affected configurations
Node
hinethicos_natural_person_credential_component_clientMatch3.0.3.30306linux
ORhinethicos_natural_person_credential_component_clientMatch3.0.3.30404macos
ORhinethicos_natural_person_credential_component_clientMatch3.1.0.00002windows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hinet | hicos_natural_person_credential_component_client | 3.0.3.30306 | cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30306:*:*:*:*:linux:*:* |
| hinet | hicos_natural_person_credential_component_client | 3.0.3.30404 | cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30404:*:*:*:*:macos:*:* |
| hinet | hicos_natural_person_credential_component_client | 3.1.0.00002 | cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.1.0.00002:*:*:*:*:windows:*:* |
Related
cvelist
cvelist
CVE-2022-32962 HiCOS’ client-side citizen digital certificate - Double Free
2022-07-20 02:03:43
cve
cve
CVE-2022-32962
2022-07-20 02:15:07
prion
prion
Double free
2022-07-20 02:15:00
CVSS3
6.8
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
23.3%
Related for NVD:CVE-2022-32962